<p><strong>Gordon's Notes</strong><br />Commentary: politics, science, technology and humanity. Secular humanist.<br />JGF (feed updated 2019-05-23)</p>
<p><strong>Massive phone spam -- from Weatherby Healthcare</strong> (published 2016-08-24)</p>
<p><a href="http://www.weatherbyhealthcare.com/">Weatherby Healthcare</a> hires physicians for “locum tenens” roles. That’s filling in for someone on holiday and the like.</p><p>They’ve contracted with the phone spam company from hell. My Google Voice number is deluged with calls like this (email of transcription):</p><blockquote><p>Good morning. This is Kevin with weatherby Health care. I saw you recently inquired online about some outpatient work. I wanted to touch base with you. I'm currently working with several urgent care and outpatient facilities not only in your area, but throughout the country as well that are looking for a position like yourself to provide temporary full time or sporadic shift coverage they offer a high flexibility in the schedule and competitive pay rates. Give me a call back today would love to give you some additional information and details about these opportunities and see how I can be a resource for you my direct line here is 954 300 77 1821 again. This is Kevin with weatherby Healthcare 954 370-7828 have a great day.</p></blockquote><p>and like this:</p><blockquote><p>is Mike Ruskin weatherby Health Care's primary Care team. Hope you're doing well. I was reaching out to you because I came across your information, and I have some new open a family medicine positions available in Minnesota wanted to see if you or any colleagues should have I might be available. Give me a call back when you get this message. Let me know 954-343-2142 again Mike ross again with weatherby 954-343-2142. Thanks so much. Have a great day.
Bye.</p></blockquote><p>I blocked several of the numbers, but their phone spam operation is rotating through a large set. Number blocking doesn’t work.</p><p>I’ve turned off text messaging notifications of calls on my GV number and notifications from the GV app and notifications of missed calls. So the only notification I get is now email. In Gmail I set a filter for any email with the text “weatherby health” to send it to the trash.</p><p>We desperately need <a href="http://notes.kateva.org/2016/08/what-solution-for-phone-spam-will-look.html">a robocall/phone spam solution</a>.</p><p>Oh, and if you’re a physician — please don’t answer calls from Weatherby. If you’re Weatherby, you’ve made a disastrous choice of marketing services.</p><p>PS. If you’re Google — your Google Voice phone spam filtering needs work.</p>
<p>Posted by JGF</p>
<p><strong>What a solution for phone spam will look like</strong> (published 2016-08-19)</p>
<p>The <a href="https://9to5mac.com/2016/08/19/apple-att-google-and-others-working-with-fcc-to-combat-robocall-phone-spam/">FCC wants a vast and unmanageable array of voice communications carriers to fix the robocall plague</a>.</p><p>I’m here to tell you what will happen. It will work much the way email spam was managed in the 1990s. It will also be the end of our legacy voice communication system and, somewhere along the way, the Feds will mandate that Google and Apple support VOIP interoperability.</p><p>Yeah, email spam is managed. It’s true that 95% of my email volume is spam, but I don’t see it. <a href="http://www.faughnan.com/spam.html#CheapFix">Differential filtering based on the managed reputation of an authenticated sending service works</a>. Push the spam management problem down to the sending service, then vary filtering algorithms based on the reputation of the authenticated (PKI) sending service.
If you still see large spam volumes or are losing valuable email, it’s because you’re using Apple as an email service provider. Don’t do that.</p><p>Here’s what I think will happen to enable differential filtering based on the managed reputation of the authenticated calling service. I’m sure insiders know this, but they aren’t talking. </p><ul><li>VOIP interoperability will be mandated. No more Apple-only FaceTime audio.</li><li>Services (AT&amp;T, Verizon) that don’t authenticate or manage their customers are assigned poor baseline scores. Services that authenticate/manage customers (Apple) get high baseline scores.</li><li>Low score calls get sent to spam VOIP; we never see them. Medium score calls never ring through; they go automatically to transcription and we get a transcription summary.</li><li>High score calls are eligible for ring through based on user device settings.</li></ul><div>The carriers will fight like hell to preserve their domain, Apple will fight interoperability, Google will be fine.</div><div> </div><div>PS. For now we have a home phone number that is purely message; the phone doesn’t ring. Google Voice would be even better. If I could set my iPhone to “Do Not Disturb” status strictly for voice calls I’d be fine. I rarely answer unrecognized and unscheduled calls.</div><p><strong>See also</strong></p><ul><li><a href="http://notes.kateva.org/2004/02/economistcom-fight-against-spam-buying.html">Economist.com | The fight against spam - buying a managed reputation</a> 2/2004</li><li><a href="http://www.faughnan.com/spam.html">Fighting Spam</a> - a proposal I first wrote up @1997.</li></ul>
<p>Posted by JGF</p>
<p><strong>Minnesota DFL phone spam - might not be what it seems</strong> (published 2012-12-06, updated 2012-12-08)</p>
<p>Since the election we've received a nightly phone call with a Caller ID of MN DFL party and a return number of 651-251-6300.
As <a href="http://800notes.com/Phone.aspx/1-651-251-6300">others have noted</a>, that is indeed the phone number for the <a href="http://www.dfl.org/">Minnesota DFL Party</a>.</p><p>I assumed it was simply a fund-raising robocall. We are good Commies and donate to the Party, so it's not surprising that they'd harass us. It has been, however, oddly persistent. So tonight I actually answered the phone -- but I heard only a few meaningless sounds. Nobody was there.</p><p>I wonder if this were really a DFL call, or if someone is <a href="http://en.wikipedia.org/wiki/Caller_ID_spoofing">spoofing their number</a>. That would be a nasty trick; a small donation to the right offshore resources could paralyze a fund-raising program.</p><p>If so, it might be that the villains don't know the election is over. Or the nightly calls could simply be a malfunctioning robocall system. I'll try to contact the DFL and ask what's up (I'll need to disable some of my DFL email spam filters to get a response). Even if it's not a dirty trick in this election cycle, it's a sure-fire strategy for the next one. Just another way that <a href="http://www.antipope.org/charlie/blog-static/2012/12/things-that-keep-me-awake-at-n.html">the era of switched network voice telephony is over</a>. We will need caller-authentication with reputation-based call triage.</p><p>I'll update this with what I hear from the Minnesota DFL.</p><p><strong>Update 12/8/2012:</strong> It seems to be incompetency, not malevolence. It seems the DFL really is spamming our home nightly.</p>
<p>Posted by Unknown</p>
<p><strong>Dear Dems: Maybe you shouldn't have spammed me so much.</strong> (published 2012-08-09)</p>
<div>The GOP may have a loose relationship with the falsifiable world, but they're tight where it matters.
They have money by the truckload, mostly delivered by the deluded wealthy [1] to anonymous GOP funding streams.</div><div><br /></div><div>So you'd think that Emily and I would be inundated with pleas for donations. </div><div><br /></div><div>Instead, crickets.</div><div><br /></div><div>Seemed odd to me, then I remembered the dense wall of filters and blocks I had to put up after our last set of donations. I had to block over thirty domains to beat back a deluge of Dem spam.</div><div><br /></div><div>I guess our defenses are working. All those pleas and invitations are probably lost in my spam filters.</div><div><br /></div><div>Maybe my team needs to rethink their fund raising strategy, and to implement rigorous email list control. Work on it guys.</div><div><br /></div><div>In the meantime, I guess we'll have to send money somewhere. Google will probably come up with an address.</div><div><br /></div><div>[1] Besides America, how many other post-industrial nations associate wealth with virtue and intellect?</div>
<p>Posted by Unknown</p>
<p><strong>CAPTCHA has failed, and so anonymous comments may go too.</strong> (published 2012-08-08, updated 2012-08-09)</p>
<div style="font-weight: normal; ">My most loyal commenter (that's you Martin) tells me he can't solve Google's CAPTCHAs any more.</div><div style="font-weight: normal; "><br /></div><div style="font-weight: normal; ">Neither can I. I responded ...</div><div style="font-weight: normal; "></div><blockquote style="font-weight: normal; "><div>I can't do the CAPTCHAs either.
Blog authors don't usually see them, but occasionally I'm connecting with a non-owner account.</div><div><br /></div><div>I think they've evolved to a point that only human experts and AIs can solve them, and they all work for spammers.</div><div><br /></div><div>Problem is I allow anonymous comments and only moderate if &gt; 4 days, so there's only CAPTCHA and Google spam detection between me and endless hordes of mosquitoes.</div><div><br /></div><div>As an experiment I've disabled CAPTCHAs on notes.kateva.org. I'll see how good Google's spam detection is. If the volume is too high I'll turn off anonymous comments. I agree, CAPTCHA has reached the end of the road.</div></blockquote><div style="font-weight: normal; ">Even in tiny market blogs like mine, comment and discussion is problematic.</div><div style="font-weight: normal; "><br /></div><div><b>Update 8/9/12</b>: No problems! I should have dumped CAPTCHA years ago. Turns out I did on tech.kateva.org and then forgot I had. Google's comment spam filters are pretty amazing.</div>
<p>Posted by Unknown</p>
<p><strong>The evolution of spam: Nordstrom and mandatory spam acceptance</strong> (published 2012-06-16)</p>
<p>We've come a long way baby.</p><p><a href="http://www.usatoday.com/tech/news/2011-07-09-email-receipts_n.htm">A year ago Nordstrom's began offering optional email receipts</a> as "a convenient, environmentally friendly alternative to paper receipts."</p><p>Of course there are always a few skeptics who doubted <a href="http://en.wikipedia.org/wiki/Nordstrom">Nordstrom</a>'s integrity, but USA Today was reassuring:</p><blockquote><p><a href="http://www.usatoday.com/tech/news/2011-07-09-email-receipts_n.htm">Retailers ditch paper and pen, use email for receipts - USATODAY.com</a></p><p>...
no retailer serious about building a relationship with its customers would consider taking advantage of email access, said John Talbott, assistant director of Indiana University's Center for Education and Research in Retailing.</p><p>That's because for the retailer, the most significant benefit is being able to offer a service customers appreciate, he said. It isn't about cutting costs, he said, as less than 1% of a retailer's total revenue goes toward paper and ink for receipts.</p><p>Instead, the driving force is providing an option that makes the store a more appealing place to shop...</p></blockquote><p>Yesterday Emily bought a shirt at Nordstrom's. The email receipt, she was told, was mandatory. No, of course there'd be no spam. She doesn't have a <a href="http://mail.yahoo.com">spam account</a>, so she gave them her gmail account.</p><p>She got her first Nordstrom spam a few hours later. I'll show her how to use filters later today.</p><p>Not to worry though, paper receipts are not long for this world. Soon we'll be buying things with our phones. No spam there, since of course there's <a href="http://nfcme.com/nfc-an-e-mail-marketers-dream/">no tie between our phone's unique identifier and our email and phone number</a>.</p>
<p>Posted by Unknown</p>
<p><strong>Text Spam: Phone company text messaging must die</strong> (published 2011-04-13)</p>
<p>I don't <em>like</em> paying $20/month for our AT&amp;T unlimited texting family plan. After all, it costs AT&amp;T next to nothing to provide SMS services.</p><p>I pay because <a href="http://tech.kateva.org/2009/09/beejive-im-for-iphone-as-sms.html">the current IM alternatives don't work</a>. That leaves texting as <a href="http://notes.kateva.org/2010/11/phone-call-is-dead-sort-of.html">the polite alternative to the unscheduled phone call</a>.
I pay because what I get is worth more than the money I pay.</p><p>Or, rather, it <em>was</em> worth more. It's worth less all the time, because I'm getting more text spam like these <a href="http://www.smswatchdog.com/text-message-from/595959">595-959 Welcome to Sears/Kmart Shop Your Way Rewards Text Alrts</a> (yeah, "Alrts") ...</p><p><a href="http://2.bp.blogspot.com/-I-nlaiYYSng/TaYNz7OSZmI/AAAAAAABcfQ/6lOwKFG1PNs/s1600/photo-741101.PNG"><img id="BLOGGER_PHOTO_ID_5595174772776527458" style="border: 0px initial initial;" src="http://2.bp.blogspot.com/-I-nlaiYYSng/TaYNz7OSZmI/AAAAAAABcfQ/6lOwKFG1PNs/s320/photo-741101.PNG" border="0" alt="" /></a></p><p><a href="http://tech.kateva.org/2011/02/managing-spam-text-messages-on-at.html">Unlike "full number" text spam</a>, AT&amp;T won't accept reports for these...</p><p><a href="http://1.bp.blogspot.com/-FI9E9uyjBEU/TaZAHz0BLBI/AAAAAAABcfs/zVB_GzJ6qck/s1600/photo-722491.PNG"><img id="BLOGGER_PHOTO_ID_5595230089966070802" style="border: 0px initial initial;" src="http://1.bp.blogspot.com/-FI9E9uyjBEU/TaZAHz0BLBI/AAAAAAABcfs/zVB_GzJ6qck/s320/photo-722491.PNG" border="0" alt="" /></a></p><p>Instead, <a href="http://developer.att.com/developer/forward.jsp?passedItemId=2400426">AT&amp;T markets "short code" text message services</a>. They charge spammers to spam us, and, I assume, they charge us to receive the spam. Talk about a win-win!</p><p>You could try completing the <a href="https://esupport.fcc.gov/ccmsforms/form1088.action?form_type=1088G">FTC's spam report form for wireless phones</a>, but as of today it's not designed for text message reporting. It's as though the FTC got caught in a time warp @ 2002.</p><p>This is only going to get worse. There are now two phone companies in America, and they hate us almost as much as we hate them. They hate us so much they'll drive us to abandon their most profitable service.</p><p>We need an alternative to phone company controlled text messages. 
We need a messaging service that includes spam filtering -- and that doesn't make us sitting ducks for low grade spam. Blackberry did this years ago; maybe when RIM dies in 2013 either Apple or Google will buy their texting service -- and give us something worth paying for. Maybe California will ban text spam and end our spam as a side-effect. Maybe all of the above.</p><p>There's an opening here. Help me out Apple, Google, and California!</p>
<p>Posted by John Gordon jr</p>
<p><strong>Administrivia: return of the captcha</strong> (published 2011-01-28)</p>
Google's <a href="http://en.wikipedia.org/wiki/Spam_in_blogs">spam comment</a> detection isn't good enough. After a one month test I've given up and restored a captcha function (yech) for Gordon's Notes comments.<div><br /></div><div>Sorry.</div>
<p>Posted by JGF</p>
<p><strong>If Google acquires Groupon they're absolutely insane</strong> (published 2010-12-05)</p>
<p>There's a rumor that Google is going to acquire <a href="http://www.groupon.com/minneapolis-stpaul/">Groupon</a> for a zillion dollars.</p><p>I signed up to see what it was about. Naturally I used my mail.yahoo.com junk email address - a disposable digital identity. (If it ever annoys me too much, I will destroy it and create a new Yahoo persona.)</p><p>Groupon is a service that sends you spam. You can't opt out of the spam. Oh, and you can never leave. There's no obvious way to delete a Groupon account.</p><p>If Google buys Groupon then I will begin disentangling my data from Google.
It will be an incontrovertible sign that they've gone off the rails.</p>
<p>Posted by JGF</p>
<p><strong>Edging to AI: Constructive (almost) comment spam</strong> (published 2010-11-08)</p>
<p>It took me a day to realize that this comment on <a href="http://notes.kateva.org/2010/11/apologetics-god-and-fermi-paradox.html?showComment=1289178761504">Gordon's Notes: Apologetics: God and the Fermi Paradox</a> was a spam comment (Spomment):</p><blockquote><p>Luke said... Interesting questions you ask - as always enjoy reading your posts. We all have our personal experiences &amp; beliefs, but I do have to challenge you to check out an event coming up in the spring that I recently was introduced to. March 12, 2011 a simulcast called The Case for Christianity is taking place that will address the very question you have asked. Led by Lee Strobel (former Legal Editor of the Chicago Tribune) &amp; Mark Mittelberg, all of the most avoided questions Christians don't like to answer or even discuss. Both are authors of extremely intriguing books, I encourage you to check them out as well as the simulcast in March. Definitely worth the time &amp; worthy of the debate! Thanks again!</p></blockquote><p>It's obvious in retrospect; "interesting questions you ask" is a giveaway. It doesn't address any specific aspect of my post, and it leads directly into an event promotion.</p><p>Still, it snuck under my radar -- and Google's too. It's well constructed.</p><p>Of course the construction was human, only the targeting was algorithmic. It's a bit of a milestone though -- it's almost a relevant comment.</p><p><a href="http://notes.kateva.org/2009/08/evolution-of-comment-spam-from-parasite.html">Charles Stross</a> and <a href="http://notes.kateva.org/2007/12/slouching-towards-skynet.html">others</a> have speculated that spambot wars will spawn hard AI.
First, though, they have to become specific, relevant, and <a href="http://xkcd.com/810/">constructive</a>. We're getting closer ...</p><p>Incidentally, shame on Strobel and Mittelberg for using this kind of sleazoid marketing.</p><p>See also:</p><ul><li><a href="http://notes.kateva.org/2007/12/slouching-towards-skynet.html">Gordon's Notes: Slouching towards Skynet</a> (2007)</li><li><a href="http://notes.kateva.org/2009/08/evolution-of-comment-spam-from-parasite.html">Gordon's Notes: The evolution of comment spam - from parasite to symbiote?</a> (2009)</li><li><a href="http://notes.kateva.org/2010/01/phishing-with-post-turing-avatar.html">Gordon's Notes: Phishing with the post-Turing avatar</a> (2010)</li><li><a href="http://xkcd.com/632/">xkcd: Suspicion</a>: Spambot love</li><li><a href="http://xkcd.com/810/">xkcd: Constructive</a> (2010 - when spambots rule)</li></ul>
<p>Posted by JGF</p>
<p><strong>Friendly fire - how Dem spam killed my donations</strong> (published 2010-10-13)</p>
I'm a good commie. Each cycle we give some money to help Dems.<br /><br />Not this election though. Partly, that's because my team's spam has gone astronomical. The spam flow is legal though, because <a href="http://www.imediaconnection.com/content/8272.imc">"political speech" isn't covered by the CAN-SPAM act of 2003</a>.<br /><br />Campaign spam comes with 'unsubscribe' links, but they don't seem to be connected to anything. Even if they were, however, I'd probably be re-enrolled with the next list update. I doubt the campaigns spend much on mailing list hygiene.<br /><br />At least the email headers aren't faked, so I have about thirty Gmail filters that send all email from all identified campaign-related domains to the trash. I'm probably not the only one doing this though, because lately the domain names are proliferating.
The speech spammers are trying to get around my filters.<br /><br />This is a job for the <a href="http://dfl.org/">DFL</a>. Yes, it's a bit of a reach for them -- but we're talking money. Money talk gets politicians' attention. Here's what the DFL can do:<br /><ol><li>Get serious about a statewide unsubscribe service. Tell campaigns that if they don't follow the rules, they don't get funding or DFL support.</li><li>Forget about reaching me by email. There's nothing a politician can put in a mass email that will interest me (the vast majority of political speech is aimed at the undecideds). Instead set up narrowcast feeds aimed at literate geeks whose vote is not in doubt.</li><li>Enjoy the money Emily and I will send after the spam stops.</li></ol>
<p>Posted by JGF</p>
<p><strong>Comments now without captcha and without moderation</strong> (published 2010-08-12)</p>
<div>Blogger, long left for dead, tottered into the pub this week. Among other signs of life, <a href="http://tech.kateva.org/2010/08/its-alive-blogger-lives.html">there's a new comment spam filtering system</a>.<br /><br />I disabled comment moderation and the captcha on tech.kateva.org a few days ago, and I haven't seen many problems. So today I've removed it for posts less than 28 days old on notes.kateva.org.<br /><br />It's good to get rid of the captcha. I really don't like those.</div>
<p>Posted by JGF</p>
<p><strong>Innovations in comment spam</strong> (published 2010-01-13)</p>
<div>Comment spam continues <a href="http://notes.kateva.org/2009/08/evolution-of-comment-spam-from-parasite.html">its rapid evolution</a>.
Despite <a href="http://notes.kateva.org/2009/11/i-add-despised-comment-captcha.html">my reluctant surrender to the Captcha</a> I'm seeing novel mutations every few months.</div><div><br /></div><div>A recent technique is to write a reasonably detailed comment about a fairly specific topic, like "junk DNA". A query engine then identifies all blog posts that have a high match to the comment. An automated posting process, perhaps with some tool-assisted human powered captcha processors (via <a href="http://bestyoucanbe.blogspot.com/2006/06/21st-century-employment-for-persons.html">Amazon's Mechanical Turk</a>?), submits the post to thousands of blogs.</div><div><br /></div><div>Even with human review, the comment submissions will be a good quality match to a meaningful number of blog posts. The comment gets posted, and the spammers get something of value (link referrals?).</div><div><br /></div><div>The one I rejected today was clumsily written, so it was fairly easy to spot. It contained an unnecessarily specific reference to a "first post", the author name was a marketing phrase, and the grammar and phrasing could have been better. I've probably missed better ones!</div><div><br /></div><div>We can expect rapid improvement. In time they might evolve to transiently novel insights statistically applied to the right spot at the right time. At that point, would we not welcome them?</div><div><br /></div><div>In the meantime we do need Google to start filtering these comments the same way they filter email. This particular approach lends itself to statistical filters, and of course the use of author reputation in filtering algorithms. 
Alas, <a href="http://notes.kateva.org/2009/09/fear-cloud-bloggers-unfixed-5000-post.html">Google has forgotten all about poor Blogger</a> ...</div>--<br /><small><a href="feed://www.google.com/reader/public/atom/user/06457543619879090746/state/com.google/broadcast">My Google Reader Shared items (feed)</a></small>
<p>Posted by JGF</p>
<p><strong>It's not over. The rise of second generation spam.</strong> (published 2009-12-02, updated 2009-12-03)</p>
First generation spam was pretty bad, but it's more or less under control now. Between sharpening spam recognition algorithms, crowd sourcing, and managing the reputation of authenticated sending services, Google has beaten back the tide.<div><br /></div><div>So that's it for spam?</div><div><br /></div><div>Heh. Of course not. Now we have second generation spam.</div><div><br /></div><div>Second generation spam does not use forged headers -- though the headers do seem to change a fair bit. This spam is not anonymous, it markets real goods, services - and politicians.</div><div><br /></div><div>The goods and services aren't too hard to manage. I created a filter that sends anything from "buy.com" to the trash -- that took care of 80% of it.</div><div><br /></div><div>The politicians are much worse. I get daily spam from fund raising politicos, PACs and other accessories to the political process. I now have about 25 Gmail filters that do nothing but delete all incoming email from their domains. The domains typically last a few months, and then there's a new crop. At this rate I'll have 200+ Gmail filters that delete email from largely defunct domains.</div><div><br /></div><div>What? Ask to be removed from the lists? Clearly you're just toying with me. I tried that of course, but it doesn't work. I just get added back in the next time some politico buys a list.
(Maybe I should start forwarding to <a href="http://www.ftc.gov/opa/2004/07/newspamemail.shtm">spam@uce.gov</a> as well?)</div><div><br /></div><div>It's hard for any ISP to block this kind of spam. Politicians generally exempt themselves from laws that slow fundraising; if Google blocked their spam they'd be asking for a world of hurt. Better to get between a Grizzly and her cub than between a politician and your wallet.</div><div><br /></div><div>We need a different approach to political spam. Sorry, I have to vote for some of these dorks -- better spam than Palin and her ilk! So changing my vote's not enough. Any ideas?</div><div><br /></div><div>I do have one quick fix. Google could add a "blacklist all from this domain" to the message action select menu. Choose it and the message is deleted and the blacklist entry created in one move.</div><div><br /></div><div>Another related fix -- allow Gmail users to share their blacklists. So Google wouldn't get in trouble, because we'd be choosing what to block.</div><div><br /></div><div>Any other ideas?</div>
<p>Posted by JGF</p>
<p><strong>I add the despised comment captcha</strong> (published 2009-11-12)</p>
I dislike Captcha (usually a text recognition test) as much as anyone -- but lately my email has been clogged with notices of blog comments to review. They're almost all spam.<div><br /></div><div>So I had to turn on the Captcha test.
If the spambots get bored I'll try turning it off again.<br /><br /></div>
<p>Posted by JGF</p>
<p><strong>Death of email part XI: forwarded emails with big red phishing warnings</strong> (published 2009-09-06)</p>
I own a few domains, including <a href="http://tech.kateva.org/2007/04/google-apps-for-our-family.html">a Google Apps domain we use for our family</a> [1]. My immediate family members, excluding Kateva (canid), have calendars and emails in the family domain. Overall, it works pretty well. It pounds Apple's warped MobileMe into the sand. Savagely.<br /><br />For reasons that aren't worth trying to describe, I've used an email redirector for some of these accounts. This is forwarding at the domain level, not forwarding from an email account.<br /><br />This used to work pretty well, but when I tested it on a new account two problems appeared:<br /><ol><li>It was filtered to Google spam.</li><li>A BIG RED PHISHING warning appeared when I opened the email.<br /></li></ol>I was able to correct this by marking it as 'not spam' and 'not phishing' (the UI for the latter is a bit non-obvious, I had to follow the help link in the phishing notice).<br /><br />This is a great example of the <a href="http://notes.kateva.org/2009/09/baseball-parents-communication-is-it.html">tech churn meme</a> I wrote of yesterday. Email is in a troubled state as it painfully moves from the old world of the naive net to the new world of authenticated messaging [2].<br /><br />This redirect mechanism is clearly not going to work, perhaps because the redirecting domain has been used by spammers in forged email headers [3].<br /><br />Ouch. This is definitely a problem. I have some workaround ideas, but this will be a bugger to test since Google doesn't talk much about what it's doing.<br /><br />--<br /><br />[1] Free edition.
If Google drops the price on their small business product I'd upgrade to get some customer support options.<br />[2] One reason people like facebook messaging is that it's deeply authenticated.<br />[3] The curse of old, private, domains. Mine is very old. There's no defense against such forgery. See also two 2006 posts about a related problem (this isn't new)<br /><ul><li><a href="http://tech.kateva.org/2006/09/gmail-spam-filtering-crisis-with-gmail.html">Gmail spam filtering threatens services</a></li><li><a href="http://notes.kateva.org/2006/09/spam-blacklists-are-back-and-war-may.html">Spam - blacklists are back</a></li></ul>
<p>Posted by JGF</p>
<p><strong>The evolution of comment spam - from parasite to symbiote?</strong> (published 2009-08-30, updated 2010-01-01)</p>
Lately I've been getting blog comments that blur the spam/non-spam species boundary.<br /><br />Comment spam used to be pretty clear. It would be unrelated to the post topic, and contained a link to a splog or other more or less fraudulent web page. These were easy to automatically block, so spammers dropped the links. Second generation comment spam aimed for search engine "optimization" through reputation enhancing back links to the author URL. Second generation comment spam was made of strings like "thanks for the the great post"<br /><br />These were harder to machine reject, but easy for human reviewers to spot.<br /><br />Now I'm seeing third generation comment spam. These have no links, and they're actually related to the original post. Sometimes they're almost <a href="http://en.wikipedia.org/wiki/Non_sequitur">non-sequiturs</a>, but mostly they read like a fourth grade student answering a homework assignment. The grammar suggests either a very young or non-English writer. They do link back to splogs.<br /><br />So how's the new species of comment spam being authored?
It could be AI based -- maybe calling <a href="http://www.wolframalpha.com/">Wolfram Alpha</a> or Wikipedia to retrieve relevant strings. It's probably human though -- outsourced work being done by low paid labor churning out comments at high speed.<br /><br />This third generation spam isn't trivial to reject. Sometimes I have to think about it.<br /><br />We know where this is going. Fourth generation spam comments will actually make sense. They'll be legitimate comments.<br /><br /><a href="http://en.wikipedia.org/wiki/Fifth_generation_computer">Fifth Generation</a> spam comments will be very high quality. <a href="http://notes.kateva.org/search/label/skynet">Skynet</a> will appreciate them.<br /><br /><b>Update 9/4/09</b>: <a href="http://gizmodo.com/5352692/how-well-do-you-really-know-your-significant-other">Another (funny) take on the theme</a>. Also, see the comment by one of my favorite writers.<div><br /></div><div><b>Update 1/1/10</b>: <a href="http://www.flurb.net/1/doctorow.htm">Cory Doctorow's excellent 2006 novella <i>I, Row-boat</i></a> (read it, <a href="http://www.flurb.net/1/doctorow.htm">it's online</a>) tells us how Robbie the row-boat's ancestors became sentient ...</div><blockquote>“Back in the net’s prehistory it was mostly universities online, and every September a new cohort of students would come online and make all those noob mistakes. Then this commercial service full of noobs called AOL interconnected with the net and all its users came online at once, faster than the net could absorb them, and they called it Perpetual September.”...<br /><br />... “AOL is the origin of intelligence?” She laughed, and he couldn’t tell if she thought he was funny or stupid. He wished she would act more like he remembered people acting. Her body-language was no more readable than her facial expressions.<br /><br />“Spam-filters, actually. 
Once they became self-modifying, spam-filters and spam-bots got into a war to see which could act more human, and since their failures invoked a human judgement about whether their material were convincingly human, it was like a trillion Turing-tests from which they could learn. From there came the first machine-intelligence algorithms, and then my kind...</blockquote>JGFhttp://www.blogger.com/profile/14580785981874040314noreply@blogger.com2tag:blogger.com,1999:blog-5587346.post-24794103785629755692009-08-20T19:43:00.002-05:002009-08-20T20:02:07.519-05:00Conde Nast's latest spam ploy - Acxiom's Delivery.net<div>Conde Nast, publishers of Gourmet and other periodicals, holds <a href="http://consumerist.com/378529/conde-nast-will-never-stop-emailing-you-never-stop-asking">a place of dishonor</a> among the <a href="http://notes.kateva.org/2007/10/cond-nast-and-spam-whats-deal-here.html">world's scummiest spammers</a>. It will be a sad commentary on humanity if the New York Times goes under and Conde Nast survives.</div><div><br /></div><div>Spam must work for them, because they invest a fortune in spam and associated legal fees. They're not too hard to block; even though they change their email address every few months it's only a moment's work to add another Gmail 'filter to trash' rule.</div><div><br /></div><div>Today, though, they're trying something new. They're sending their email using a "delivery.net" account with a dedicated spamming service:</div><blockquote><a href="http://delivery.net/">Acxiom Digital</a><div><br /></div><div><a href="http://delivery.net/"></a>... Acxiom Digital helps the world's leading marketers create and deliver permission-based email marketing campaigns. Acxiom Digital acts as an agent for our clients in delivering email communications to their customers. 
Our clients own the data on their customers, including email addresses, which are gathered via permission-based processes at their website or other online and offline sources...</div></blockquote><div></div>"Permission-based" my ass.<div><br /></div><div>So now anything from 'delivery.net' is immediately deleted. It will be interesting to see what email address Conde Nast uses next.</div><div><br /></div><div>Friends don't let friends buy Conde Nast products.</div>JGFhttp://www.blogger.com/profile/14580785981874040314noreply@blogger.com0tag:blogger.com,1999:blog-5587346.post-35083553029810728342009-06-26T09:51:00.003-05:002009-06-27T09:24:54.676-05:00Facebook observationsI've been enjoying <a href="http://www.facebook.com/">Facebook</a>, though the iPhone client is overdue for an overhaul. My conclusions about what's interesting with FB are a bit different from what I usually read, so, inevitably, I'm compelled to share:<br /><ol><li>Internal identity - no anonymity. This means control over communications, which means spam is manageable. The FB equivalent of spam is metastatic "apps", but, for the moment, you can opt out of those. Spam free communication environments are worth much more these days than they were 7 years ago.</li><li>It's AOL 2.0. I remember when AOL was interesting, back when it was a Mac only spinoff of one of Apple's many failed online communities. I'll call that AOL 1.0. Of course in those days there was no spam, no phishing, no viruses -- essentially the proto-Net was risk free. That meant AOL didn't have an enormous amount to offer, but it still did quite well. Now the Net is extremely risky, especially for XP users. AOL 2.0 has a much bigger value proposition than AOL 1.0.</li><li>I love pub/sub, especially as implemented in feeds and readers. Unfortunately, this technology was a bridge too far for the vast majority of humanity. Only the uber-geeks knowingly use feed readers like Google Reader; all the good desktop XP feed readers have died. 
Facebook is all about pub/sub, but they've made the technology feel natural to their base. That's a real accomplishment.</li><li>Facebook has shown (sigh) that logic and usability are not all that important for a social application.</li></ol>I've never paid much attention to the alleged role Facebook played in electoral politics. I'm still unsure how much of that is real, but there is some potential to gradually encourage specific memes in one's FB network. It has to be done judiciously. I actually streamed my Google Reader "notes/shares" into FB for a while and I think I about vaporized my friends. Now I restrict the meme injections to 1-2 a week.<br /><br />The dark side of FB, of course, is data lock. (Privacy you say? Surely you've given up on that 20th century dream.) They're providing more APIs and sharing more identity information than they have, but I would never put my photo library on FB. It's a place to put things that are intentionally transient.JGFhttp://www.blogger.com/profile/14580785981874040314noreply@blogger.com0tag:blogger.com,1999:blog-5587346.post-11353595229658355472009-03-27T16:29:00.001-05:002009-03-27T16:29:52.095-05:00Death to Captchas<p>Back when machines had trouble solving simple Captchas, they weren't a bad idea.</p> <p>Now the machines are much better at solving them than we are. I see red when I see a Captcha, no matter the color of the cursed thing... </p> <blockquote> <p><a href="http://pogue.blogs.nytimes.com/2009/03/27/recent-stuff-that-bothers-me/">Recent Stuff That Bothers Me - Pogue’s Posts - NYTimes.com</a> </p> <p>... These days, blogs and Web sites often require you to prove that you’re human by typing in the text version of some distorted picture of a word. The idea is to screen out automated software spambots that fill the Comments area with auto-generated ads...</p> <p><img alt="Captcha" src="http://graphics8.nytimes.com/images/2009/03/27/technology/personaltech/27poguespost.110.jpg" /></p> <p>... 
I suddenly realized how much I hate these things when I got a note from reader Jason Donovan, who’s started <a href="http://ihatewordverifications.blogspot.com">a Web site</a> where you can post your favorite (meaning most ridiculous) Captcha images.</p> <p>Some of the starter images posted there aren’t hard to figure out. But the ones in color, one of which I’ve pasted here, are living, breathing proof that these things have gotten quite out of control.</p> </blockquote> <p>I moderate all comments and foreswear the cursed Captcha. It was a nice try, but the experiment failed. The machines aced the Turing test.</p> JGFhttp://www.blogger.com/profile/14580785981874040314noreply@blogger.com1tag:blogger.com,1999:blog-5587346.post-89658726769157683412009-02-07T17:26:00.003-06:002009-02-07T17:57:16.753-06:00AT&T sends more SMS Spam, locusts infest exec underwearThe phone chirped notice of an incoming text message. We don't have an SMS plan, so that's unusual. Was it an urgent message from my wife?<br /><br />I struggled to pull the phone from my pocket. Oops, drifting in my lane a bit. A sharp correction ... too sharp on black ice. The van spins into the path of the oncoming oil tanker.<br /><br />It's all so fast. The crunch and shattering glass, the crushing pain, then the searing fireball. The last thing I see is the message ...<br /><blockquote>"AT&amp;T FREE MSG: Share your love ... Add a Line for your Valentine! Visit an AT&amp;T Store .."<br /></blockquote>Lungs searing, I gasp out my Death Wish.<br /><br />A plague of locusts infests the underwear of the AT&amp;T executive team -- and that's just the beginning ...<br /><br />Apparently, AT&amp;T was not discouraged by the reaction to their American Idol spam ...<br /><blockquote><a href="http://notes.kateva.org/2009/01/annals-of-idiocy-at-spams-customers.html">Gordon's Notes: Annals of idiocy - AT&amp;T spams customers about a TV show</a><br /><br />... 
lunacy like AT&amp;T's recent bonehead move deserves at least a whimper or two (emphases mine) ...<br /><blockquote><a href="http://www.nytimes.com/2009/01/14/technology/14idol.html">AT and T Sends Customers ‘Idol’ Ads - NYTimes.com</a><br /><br />Some AT&amp;T Wireless customers have voted an emphatic no on a promotion for “American Idol” that popped up on their phones this week.<br /><br />AT&amp;T, a sponsor of the show, said it sent text messages to <span style="font-weight: bold;">a “significant number” of its 75 million customers, urging them to tune in to the season premiere on Tuesday night</span>...<br /><br />... Mark Siegel, a spokesman for AT&amp;T Wireless, said the message was meant as a friendly reminder. “We want people to watch the show and participate,” Mr. Siegel said. He added, “<span style="font-weight: bold;">It makes perfect sense to use texting to tell people about a show built on texting</span>.”<br /><br />... Mr. Siegel said the message went to subscribers who had voted for “Idol” singers in the past, and other “heavy texters.” He said the message <span style="font-weight: bold;">could not be classified as spam because it was free and because it allowed people to decline future missives</span>...<br /><br />... Richard Cox, the chief information officer for Spamhaus, a nonprofit antispam organization based in Britain, countered: “<span style="font-weight: bold;">It’s absolutely spam. It’s an unsolicited text message. People who received it didn’t ask for it. That’s the universal definition of spam</span>.”..<br /></blockquote></blockquote>So now they're back, advertising AT&amp;T services.<br /><br />I replied "STOP" to the message. I suspect I'll be dinged 20 cents for that one. There will be more.<br /><br />I wonder how they know not to send these things to, say US Senators? 
They must have some way to avoid infuriating people who might hurt them with something more material than imaginary locusts.<br /><br />Maybe AT&amp;T has forgotten that it's not the Bush era any more. <a href="http://www.mccollum.house.gov/">Betty McCollum</a> is our US Senator, and soon, if we're lucky, Al Franken will join her. He's not there yet, so let's see if Betty is interested in sending AT&amp;T some Minnesota love ...<br /><br /><span style="font-weight: bold;">See also</span>: <a href="http://notes.kateva.org/2008/03/head-still-exploding-at-mobile-phone.html">AT&amp;T's rebate scam</a>. I wonder if they've had any serious accounting audits lately; corporations who play these sorts of games tend to play other games too ...JGFhttp://www.blogger.com/profile/14580785981874040314noreply@blogger.com0tag:blogger.com,1999:blog-5587346.post-80612476165308377682009-02-04T14:00:00.001-06:002009-02-04T14:00:51.310-06:00Buy.com: Queen of the named spammers<p>The <a href="http://www.buy.com">Buy.com</a> spam has been flowing in lately.&#160; Amazing variety, amazing volumes. I'd <a href="http://notes.kateva.org/2007/01/buycom-why-so-much-spam.html">blacklisted them a year ago</a>, so I was a bit surprised. (See my <a href="http://tech.kateva.org/2007/03/my-personal-spam-blacklist-gourmet-sony.html">personal blacklist</a> of <a href="http://notes.kateva.org/2007/03/spam-with-real-addresses-another.html">named spammers</a>).</p> <p>Turns out they'd gotten another email address of mine, probably scraped from the net, and their spam was flowing in from a new hole. I decided to submit a 'remove request' and see if they were any better behaved these days, but that just doubled the sewage.</p> <p>So I've closed the new opening. Of course I'll never purchase anything through Buy.com. 
I'm disappointed that Google Checkout hasn't dropped them.</p> <p>Conde Nast is the king of the named (public) spammers, but&#160; Buy.com is a close second!</p> <p>I hope they're not long from this world. Please avoid them.</p> JGFhttp://www.blogger.com/profile/14580785981874040314noreply@blogger.com0tag:blogger.com,1999:blog-5587346.post-57576251116874884642009-01-13T21:53:00.002-06:002009-02-07T17:30:28.059-06:00Annals of idiocy - AT&T spams customers about a TV showWe live in <a href="http://notes.kateva.org/2009/01/eight-years-among-worst.html">numbing times</a>. There's not much outrage left; we have to marshal what we have to deal with the <a href="http://notes.kateva.org/2009/01/american-torture-whats-next.html">Cheney/Bush torture program</a>.<br /><br />Still, lunacy like AT&amp;T's recent bonehead move deserves at least a whimper or two (emphases mine) ...<br /><blockquote><a href="http://www.nytimes.com/2009/01/14/technology/14idol.html">AT and T Sends Customers ‘Idol’ Ads - NYTimes.com</a><br /><br />Some AT&amp;T Wireless customers have voted an emphatic no on a promotion for “American Idol” that popped up on their phones this week.<br /><br />AT&amp;T, a sponsor of the show, said it sent text messages to <span style="font-weight: bold;">a “significant number” of its 75 million customers, urging them to tune in to the season premiere on Tuesday night</span>...<br /><br />... Mark Siegel, a spokesman for AT&amp;T Wireless, said the message was meant as a friendly reminder. “We want people to watch the show and participate,” Mr. Siegel said. He added, “<span style="font-weight: bold;">It makes perfect sense to use texting to tell people about a show built on texting</span>.”<br /><br />... Mr. 
Siegel said the message went to subscribers who had voted for “Idol” singers in the past, and other “heavy texters.” He said the message <span style="font-weight: bold;">could not be classified as spam because it was free and because it allowed people to decline future missives</span>.<br /><br />“It’s clearly marked in the message what you need to do if you don’t want to participate,” he said. “It couldn’t be more open and transparent.”<br /><br />Richard Cox, the chief information officer for Spamhaus, a nonprofit antispam organization based in Britain, countered: “<span style="font-weight: bold;">It’s absolutely spam. It’s an unsolicited text message. People who received it didn’t ask for it. That’s the universal definition of spam</span>.”..<br /><br />...Mr. Siegel of AT&amp;T defended the use of the medium given that voting by text message had played a big role in “American Idol.”<br /><br />“Text messaging is the perfect way for us to tell people about this wildly successful show and to watch it,” he said...</blockquote>Mr. Siegel's soul has had a rather bad day. I hope he sends it out for some rehab. Being a spokesbot for AT&amp;T can't be pleasant.<br /><br />AT&amp;T's cell phone spam attack is not as bad as <a href="http://tech.kateva.org/2005/11/microsoft-declares-sony-is-malware.html">SONY injecting malware into their customer's computers</a>, but it still deserves a spark of outrage.<br /><br />Ok, a feeble squib of outrage.<br /><br />Still. 
Something.<br /><br /><span style="font-weight: bold;">Update 2/7/09</span>: <a href="http://i.gizmodo.com/5131721/att-testing-the-waters-with-american-idol-spam-texts">Gizmodo's comments</a>.JGFhttp://www.blogger.com/profile/14580785981874040314noreply@blogger.com0tag:blogger.com,1999:blog-5587346.post-92008516487715496592008-03-17T16:21:00.007-05:002010-03-12T13:58:40.298-06:00Phishing traps via blog post comments - a newer variantThe other day I allowed a comment a bit like this one to be added to one of my blogs:<br /><blockquote>Hello. This post is likeable, and your blog is very interesting, congratulations :-). I will add in my blogroll =). If possible gives a last there on my blog, it is about the Smartphone, I hope you enjoy. The address is http://_____.blogspot.com.</blockquote>The spelling and grammar were a bit better, but the form was similar (I removed part of the URL). I checked the site prior to approving the post and it seemed superficially legitimate.<br /><br />Today I received two more pending comments, each with slightly different wording and different web topics.<br /><br />Clearly, I got fooled. I shouldn't have allowed the first comment of this class. I'll have to hunt it down and delete it.<br /><br />My guess is all the sites referenced in these comments are either compromised legitimate sites or they are trap sites. Maybe all they need is for someone reviewing the posts, like me, to check if the site is legitimate. The recent "breaking" of Google's CAPTCHA technology may be a part of the operation.<br /><br />I just hope I used a Mac for my original site check, and not my XP machine! XP boxes are so vulnerable they really shouldn't be allowed on the web.<br /><br />I'll be extra careful going forward.<div><br /></div><div><b>Update 3/11/2010</b>: I loved this comment I received today ...</div><blockquote>So, you aproved one of the comments and received a few similar ones? What's bad about that? 
You don't have to approve the other ones if you don't want to. I don't see any trap here.<div></div></blockquote><div>The author's name was linked. It didn't resolve to a person, it resolved to a spam blog (splog) article. It wasn't a direct phishing attack comment, but it was of the same genre of comment spam. In this case the desire is to increase pointers to a fraudulent web site, to do "search engine optimization".</div><div><br /></div><div>Why do I love this example of comment spam? Because it's a fraudulent comment complaining that I'm dissing fraudulent comments. That's kind of funny.</div><div><br /></div>JGFhttp://www.blogger.com/profile/14580785981874040314noreply@blogger.com2tag:blogger.com,1999:blog-5587346.post-10606911191961102042007-10-30T00:29:00.000-05:002009-03-11T21:38:08.960-05:00Is Google winning the spam wars?<a href="http://jfaughnan.blogspot.com/search?q=gmail+spam">I've posted on Gmail and spam fairly often</a>. <a href="http://tech.kateva.org/2006/09/gmail-spam-filtering-crisis-with-gmail.html">A year ago things looked pretty bad</a>, but then I realized that my email redirection was <a href="http://jfaughnan.blogspot.com/2006/09/spam-blacklists-are-back-and-war-may.html">poisoning the domain reputation algorithms Gmail used back then</a>.<br /><br />From Sept 1996 through July 2007 Gmail's spam filtering was doing pretty well, but in <a href="http://jfaughnan.blogspot.com/2007/07/problems-in-google-land-gmail-blogger.html">July they had a serious screwup</a>. Mercifully by August it was under control and the results have been great for three months.<br /><br />It seems Google's Gmail team has also noticed things are going well; today they <a href="http://googleblog.blogspot.com/2007/10/its-not-about-spam.html">declared light at the end of the tunnel</a>. <a href="http://googlesystem.blogspot.com/2007/10/how-gmail-blocks-spam.html">Google OS followed up with a bit more detail</a>:<br /><blockquote>... 
Many Google teams provide pieces of the spam-protection puzzle, from distributed computing to language detection. For example, we use optical character recognition (OCR) developed by the Google Book Search team to protect Gmail users from image spam. And machine-learning algorithms developed to merge and rank large sets of Google search results allow us to combine hundreds of factors to classify spam," explains Google. "Gmail supports multiple authentication systems, including SPF (Sender Policy Framework), DomainKeys, and DKIM (DomainKeys Identified Mail), so we can be more certain that your mail is from who it says it's from. Also, unlike many other providers that automatically let through all mail from certain senders, making it possible for their messages to bypass spam filters, Gmail puts all senders through the same rigorous checks...</blockquote>For years I've written that the way to defeat spam was through <a href="http://www.faughnan.com/spam.html#CheapFix">differential filtering based on the managed reputation of the authenticated sending service</a>. This little blurb is consistent with Google implementing that approach.<br /><br />Today about 70% of Google's incoming mail is spam -- but that's an improvement! It used to be closer to 80%. Excluding a weird 2004 bump this is the most prolonged drop in three years.<br /><br />My inbox is looking pretty good, and I hardly ever find anything in the spambox now (though I only scan about 20% of what I delete, I get a huge amount of spam).<br /><br />Gee. I have something nice to say about Google!JGFhttp://www.blogger.com/profile/14580785981874040314noreply@blogger.com0
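<p>An added sketch, not code from this blog or from Gmail, of "differential filtering based on the managed reputation of the authenticated sending service": it reads the SPF/DKIM verdicts that the receiving server stamped into <code>Authentication-Results</code>, looks up that domain's reputation, and moves the spam threshold accordingly. The authserv-id <code>mx.example.net</code>, the reputation table, the keyword scorer and the three sample messages are constructed assumptions.</p>

```python
import re
from email import message_from_string

# Assumption: authserv-id stamped by our own border MTA. Authentication-Results
# headers carrying any other id arrived with the message and can be forged.
TRUSTED_AUTHSERV = "mx.example.net"

# Constructed reputation table: 0.0 = persistent bulk abuser, 1.0 = clean sender.
REPUTATION = {"mail.example.org": 0.9, "bulk.example.com": 0.1}

CLAUSE = re.compile(r"^\s*(dkim|spf)\s*=\s*(\w+)\b(.*)$", re.S)
DOMAIN = {
    "dkim": re.compile(r"header\.d=([\w.-]+)"),
    "spf": re.compile(r"smtp\.mailfrom=(?:[^\s@;]*@)?([\w.-]+)"),
}
MARKERS = ("act now", "free", "winner", "unsubscribe")


def authenticated_domain(msg):
    """Domain vouched for by a passing DKIM (preferred) or SPF check, else None."""
    passed = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        ident = authserv.split()
        if not ident or ident[0].lower() != TRUSTED_AUTHSERV:
            continue  # not stamped by our server: give it no credit
        for clause in results.split(";"):
            m = CLAUSE.match(clause)
            if not m or m.group(2).lower() != "pass":
                continue
            method = m.group(1).lower()
            d = DOMAIN[method].search(m.group(3))
            if d:
                passed.setdefault(method, d.group(1).lower().rstrip("."))
    return passed.get("dkim") or passed.get("spf")


def content_score(body):
    """Toy stand-in for a real classifier: fraction of marker phrases present."""
    text = body.lower()
    return sum(p in text for p in MARKERS) / len(MARKERS)


def threshold_for(domain):
    """Score at or above which mail is filed as spam; varies with reputation."""
    if domain is None:
        return 0.3                       # unauthenticated: strict
    rep = REPUTATION.get(domain, 0.5)    # authenticated but unknown: neutral
    return 0.1 + 0.8 * rep               # known abuser ~0.18, clean sender ~0.82


def classify(raw):
    msg = message_from_string(raw)
    domain = authenticated_domain(msg)
    score = content_score(msg.get_payload())
    return domain, "spam" if score >= threshold_for(domain) else "inbox"


BODY = "Free shipping this week. Click unsubscribe to stop.\n"  # scores 0.5


def sample(auth_results, sender):
    """Build a constructed test message; not real mail."""
    return (f"Authentication-Results: {auth_results}\n"
            f"From: {sender}\nSubject: offer\n\n{BODY}")


SAMPLES = {
    "reputable": sample("mx.example.net; dkim=pass header.d=mail.example.org; "
                        "spf=pass smtp.mailfrom=bounce@mail.example.org",
                        "news@mail.example.org"),
    "abusive": sample("mx.example.net; spf=pass smtp.mailfrom=bulk.example.com; "
                      "dkim=none", "deals@bulk.example.com"),
    # From: claims a reputable domain, but only a foreign header vouches for it.
    "forged": sample("mx.other.example; dkim=pass header.d=mail.example.org",
                     "news@mail.example.org"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

<p>The same body lands in the inbox only when a reputable domain is actually authenticated; the forged message earns no reputation credit from its <code>From:</code> line.</p>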